update documentation for azure plugins moved from security centre to defender (#720)

* update documentation for azure plugins moved from security centre to defender
* update documentation for azure plugins moved from security centre to defender
* update auto-provisioning-enabled.md with correct spacing
* update high-severity-alerts-enabled.md with correct spacing
* update monitor-endpoint-protection.md with spacing changes
* update monitor-external-accounts-with-write-permissions.md with spacing changes
* update monitor-ip-forwarding.md with spacing changes
* update monitor-jit-network-access.md with spacing changes
* update monitor-next-generation-firewall.md with spacing changes
* update monitor-system-updates.md with spacing changes
* update changes in monitor-total-number-of-subscription-owners.md
* update security-configuration-monitoring.md with spacing changes
* update changes in security-contact-additional-email.md
* update security-contacts-enabled-for-subscription-owner.md with spacing changes
* update security-contacts-enabled.md with spacing changes
* update spacing for standard-pricing-enabled.md
* update auto-provisioning-enabled.md with spacing changes

---------

Co-authored-by: AkhtarAmir <AkhtarAmir>
1 parent 42998e1, commit 3f08e8f. Showing 257 changed files with 408 additions and 484 deletions.
@@ -0,0 +1,28 @@ | ||
[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com) | ||
|
||
# AZURE / Defender / Auto Provisioning Enabled | ||
|
||
## Quick Info | ||
|
||
| | | | ||
|-|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | ||
| **Plugin Title** | Auto Provisioning Enabled | | ||
| **Cloud** | AZURE | | ||
| **Category** | Defender | | ||
| **Description** | Ensures that automatic provisioning of the monitoring agent is enabled.| | ||
| **More Info** | The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, and endpoint protection and provides alerts.| | ||
| **AZURE Link** | https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components| | ||
| **Recommended Action** | Ensure that the data collection settings of the subscription have Auto Provisioning set to enabled.| | ||
|
||
## Detailed Remediation Steps | ||
|
||
1. Log in to the Microsoft Azure Management Console. | ||
2. Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud". </br> <img src="/resources/azure/defender/auto-provisioning-enabled/step2.png"/> | ||
3. On the "Microsoft Defender for Cloud" page scroll down the left navigation panel and choose "Environment Settings". </br> <img src="/resources/azure/defender/auto-provisioning-enabled/step3.png"/> | ||
4. On the "Environment Settings" page, select the "Subscription" by clicking on its "Name". </br> <img src="/resources/azure/defender/auto-provisioning-enabled/step4.png"/> | ||
5. Under the "Settings" page, click on "Defender Plans". </br> <img src="/resources/azure/defender/auto-provisioning-enabled/step5.png"/> | ||
6. On the "Settings | Defender" page, select the "Settings and Monitoring Tab". </br> <img src="/resources/azure/defender/auto-provisioning-enabled/step6.png"/> | ||
7. On the settings and Monitoring Page. If the "Log Analytics agent" shows status as turned off, then the "Automatic provisioning" of the monitoring agent is not enabled. </br> <img src="/resources/azure/defender/auto-provisioning-enabled/step7.png"/> | ||
8. On the "Settings | Auto provisioning" page, turn the status "ON" for "Log Analytics agent for Azure VMs" by toggling it. </br> <img src="/resources/azure/defender/auto-provisioning-enabled/step8.png"/> | ||
9. This will open the "Auto Provisioning configuration". Under Workplace Selection, select the "Default Workspace(s)" and select "Apply" to save changes. </br> <img src="/resources/azure/defender/auto-provisioning-enabled/step9.png"/> | ||
10. Repeat step number 3 - 9 to ensure that the data collection settings of the subscription have Auto Provisioning set to enabled.</br> |
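Review bot: the "More Info" row of the Quick Info table names the "Microsoft Monitoring Agent", while steps 7 and 8 toggle the "Log Analytics agent for Azure VMs"; use one name in both places so the reader can match the table to the portal UI. Step 7 is a sentence fragment ("On the settings and Monitoring Page. If the ..."), step 8 jumps from the "Settings and Monitoring" tab of step 6 to a "Settings | Auto provisioning" page without saying how to get there, step 9's "Workplace Selection" should read "Workspace Selection" to match "Default Workspace(s)", and step 10 should say what is being iterated, e.g. "Repeat steps 3-9 for each subscription in the environment".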
@@ -0,0 +1,27 @@ | ||
[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com) | ||
|
||
# AZURE / Defender / High Severity Alerts Enabled | ||
|
||
## Quick Info | ||
|
||
| | | | ||
|-|-------------------------------------------------------------------------------------------------------------------------------------------------------------| | ||
| **Plugin Title** | High Severity Alerts Enabled| | ||
| **Cloud** | AZURE| | ||
| **Category** | Defender| | ||
| **Description** | Ensures that high severity alerts are enabled and properly configured.| | ||
| **More Info** | Enabling high severity alerts ensures that microsoft alerts for potential security issues are sent and allows for quick mitigation of the associated risks. | | ||
| **AZURE Link** | https://learn.microsoft.com/en-us/azure/defender-for-cloud/configure-email-notifications| | ||
| **Recommended Action** | Enable email alert notification and configure its severity level.| | ||
|
||
## Detailed Remediation Steps | ||
|
||
1. Log in to the Microsoft Azure Management Console. | ||
2. Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud". </br> <img src="/resources/azure/defender/high-severity-alerts-enabled/step2.png"/> | ||
3. On the "Microsoft Defender for Cloud" page, scroll down the left navigation panel and choose "Environment Settings". </br> <img src="/resources/azure/defender/high-severity-alerts-enabled/step3.png"/> | ||
4. On the "Environment Settings" page, select the "Subscription" by clicking on the "Name".</br> <img src="/resources/azure/defender/high-severity-alerts-enabled/step4.png"/> | ||
5. Under the "Settings | Defender plans " page, click on the "Email Notifications". </br> <img src="/resources/azure/defender/high-severity-alerts-enabled/step5.png"/> | ||
6. On the "Settings | Email notifications" page under "Email recipients" if the "Additional email addresses (separated by commas)" is empty and only "owner" is selected in "All users with the following roles" then high severity alerts are not configured to be sent to the admins. </br> <img src="/resources/azure/defender/high-severity-alerts-enabled/step6.png"/> | ||
7. Under "Email recipients", click the dropdown for "All users with the following roles" and check mark "AccountAdmin and "ServiceAdmin" along with owner and enter one or more than one "Email addresses" separated by "comma in section "Additional email addresses (separated by commas)". </br> <img src="/resources/azure/defender/high-severity-alerts-enabled/step7.png"/> | ||
8. Under "Notification types" select "High" from the dropdown next to "Notify about alerts with the following severity (or higher). Click on the "Save" button to make the changes. </br> <img src="/resources/azure/defender/high-severity-alerts-enabled/step8.png"/> | ||
9. Repeat step number 3 - 8 to ensure that high severity alerts are configured to be sent to subscription owners. </br> |
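Review bot: the verification in step 6 only treats the configuration as failing when the additional e-mail list is empty and only "Owner" is selected, but the Recommended Action and step 8 also require the "Notify about alerts with the following severity (or higher)" threshold to be set; step 6 should state which severity values count as compliant, otherwise the check does not cover what step 8 changes. Step 7 has unbalanced quotes ("AccountAdmin and "ServiceAdmin"" and "separated by "comma in section"), the "More Info" row spells "microsoft" in lowercase, and step 9 should read "Repeat steps 3-8 for each subscription".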
@@ -0,0 +1,27 @@ | ||
[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com) | ||
|
||
# AZURE / Defender / Monitor Endpoint Protection | ||
|
||
## Quick Info | ||
|
||
| || | ||
|-|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | ||
| **Plugin Title** | Monitor Endpoint Protection| | ||
| **Cloud** | AZURE| | ||
| **Category** | Defender| | ||
| **Description** | Ensures Endpoint Protection monitoring is enabled in Microsoft Defender.| | ||
| **More Info** | When this setting is enabled, Microsoft Defender for Cloud audits the Endpoint Protection setting for all virtual machines for malware protection.| | ||
| **AZURE Link** | https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference| | ||
| **Recommended Action** | Enable Adaptive Application Controls for Endpoint Protection from the Microsoft Defender by ensuring AuditIfNotExists setting is used to monitor missing Endpoint Protection. | | ||
|
||
## Detailed Remediation Steps | ||
1. Log in to the Microsoft Azure Management Console. | ||
2. Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud". </br> <img src="/resources/azure/defender/monitor-endpoint-protection/step2.png"/> | ||
3. Scroll down the left navigation panel and select "Environment Settings" under "Management".</br> <img src="/resources/azure/defender/monitor-endpoint-protection/step3.png"/> | ||
4. On the "Microsoft Defender for Cloud | Environment settings" page, under the "Name" column, select the "Subscription Name" that needs to be verified by clicking on its Name. </br> <img src="/resources/azure/defender/monitor-endpoint-protection/step4.png"/> | ||
5. On the "Settings" page, Defender Plans. Select the "Settings & Monitoring" Tab on the top. </br> <img src="/resources/azure/defender/monitor-endpoint-protection/step5.png"/> | ||
6. On the "Settings | Defender plans" page, Navigate to the "Guest Configuration agent" plan. </br> <img src="/resources/azure/defender/monitor-endpoint-protection/step6.png"/> | ||
7. Enable the "Guest Configuration agent" by toggling its Status to "On". </br> <img src="/resources/azure/defender/monitor-endpoint-protection/step7.png"/> | ||
8. On the "Settings & Monitoring" Page, click on the "Continue" Button at the top. </br> <img src="/resources/azure/defender/monitor-endpoint-protection/step8.png"/> | ||
9. On the "Settings | Defender plans" Page, click on the "Save" Button at the top. </br> <img src="/resources/azure/defender/monitor-endpoint-protection/step9.png"/> | ||
10. Repeat steps 3 - 9 to ensure "Endpoint Protection Monitoring" is configured from Microsoft Defender for Cloud. </br> |
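Review bot: the "Recommended Action" row tells the reader to "Enable Adaptive Application Controls for Endpoint Protection ... by ensuring AuditIfNotExists setting is used", but steps 5-9 turn on the "Guest Configuration agent" toggle under Defender plans and never touch an Azure Policy effect or Adaptive Application Controls; either the table or the steps describe the wrong remediation and the two must agree (the "AZURE Link" also points at the policy reference rather than the Defender plans settings the steps use). Smaller points: the header row `| || |` is missing a cell separator compared with `| | | |` in the other files, the "## Detailed Remediation Steps" heading lacks the blank line the other files put before the list, step 5 is a fragment ("On the "Settings" page, Defender Plans."), and step 10's "Endpoint Protection Monitoring" is not a UI element named anywhere in steps 3-9.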
en/azure/defender/monitor-external-accounts-with-write-permissions.md (29 changes: 29 additions & 0 deletions)
@@ -0,0 +1,29 @@ | ||
[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com) | ||
|
||
# AZURE / Defender / Monitor External Accounts with Write Permissions | ||
|
||
## Quick Info | ||
|
||
| || | ||
|-|----------------------------------------------------------------------------------------------------------------| | ||
| **Plugin Title** | Monitor External Accounts with Write Permissions| | ||
| **Cloud** | AZURE | | ||
| **Category** | Defender | | ||
| **Description** | Ensures that External Accounts with Write Permissions are being Monitored in Microsoft Defender. | | ||
| **More Info** | External Accounts with Write Permissions should be monitored to meet you organization's security compliance requirements. | | ||
| **AZURE Link** | https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference | | ||
| **Recommended Action** | Enable Monitor for External Accounts with Write Permissions by ensuring AuditIfNotExists setting is used for 'External accounts with write permissions should be removed from your subscription' from the Microsoft Defender. | | ||
|
||
## Detailed Remediation Steps | ||
|
||
1. Log in to the Microsoft Azure Management Console. | ||
2. Select the "Search resources, services, and docs" option at the top and search for "Policy" and select the "Policy". </br> <img src="/resources/azure/defender/monitor-external-accounts-with-write-permissions/step2.png"/> | ||
3. Scroll down the left navigation panel and select "Compliance". </br> <img src="/resources/azure/defender/monitor-external-accounts-with-write-permissions/step3.png"/> | ||
4. On the "Policy | Compliance" page, under "Name" column select compliance for the "Scope" of necessary Subscription. </br> <img src="/resources/azure/defender/monitor-external-accounts-with-write-permissions/step4.png"/> | ||
5. On the "Policy| Compliance" page select the "View Assignment" Tab on the top. </br> <img src="/resources/azure/defender/monitor-external-accounts-with-write-permissions/step5.png"/> | ||
6. On the "Policy| Compliance | Subscription" page, Select the "Edit Assignment" Tab at the top. </br> <img src="/resources/azure/defender/monitor-external-accounts-with-write-permissions/step6.png"/> | ||
7. On the Assign Initiative page, select the "Parameters" tab and uncheck "Only show parameters that need input or review". It will show you a list of parameters. </br> <img src="/resources/azure/defender/monitor-external-accounts-with-write-permissions/step7.png"/> | ||
8. In the list search for the setting "External accounts with write permissions should be removed from your subscription". If it's set to "Disabled" then "External accounts Monitoring" is not enabled on the selected "Subscription". </br> <img src="/resources/azure/defender/monitor-external-accounts-with-write-permissions/step8.png"/> | ||
9. To enable "External accounts Monitoring" click to open the dropdown of "External accounts with write permissions should be removed from your subscription" and select the "AuditIfNotExists" option. </br> <img src="/resources/azure/defender/monitor-external-accounts-with-write-permissions/step9.png"/> | ||
10. Click on the "Review + save" button to make the necessary changes. </br> <img src="/resources/azure/defender/monitor-external-accounts-with-write-permissions/step10.png"/> | ||
11. Repeat steps number 3 - 10 to ensure ""External accounts Monitoring" is configured from the Azure Defender. </br> |
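Review bot: step 11 has a doubled opening quote (""External accounts Monitoring") and still says "from the Azure Defender" although this commit's purpose is the move to Microsoft Defender for Cloud; use the same product name the Quick Info table uses. The "More Info" row reads "meet you organization's" (should be "your"), and the header row `| || |` differs from the `| | | |` used in the first two files. Step 8 only names "Disabled" as the failing value while step 9 selects "AuditIfNotExists"; say whether any value other than "Disabled" passes the check or only "AuditIfNotExists" does, so the reader knows what to verify.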
@@ -0,0 +1,29 @@ | ||
[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com) | ||
|
||
# AZURE / Defender / Monitor IP Forwarding | ||
|
||
## Quick Info | ||
|
||
| | | | ||
|-|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | ||
| **Plugin Title** | Monitor IP Forwarding| | ||
| **Cloud** | AZURE | | ||
| **Category** | Defender | | ||
| **Description** | Ensures that Virtual Machine IP Forwarding Monitoring is enabled in Microsoft Defender. | | ||
| **More Info** | IP Forwarding feature should be monitored to meet you organization's security compliance requirements. | | ||
| **AZURE Link** | https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference | | ||
| **Recommended Action** | Enable IP Forwarding Monitoring by ensuring AuditIfNotExists setting is used for 'IP Forwarding on your virtual machine should be disabled' from the Microsoft Defender. | | ||
|
||
## Detailed Remediation Steps | ||
|
||
1. Log in to the Microsoft Azure Management Console. | ||
2. Select the "Search resources, services, and docs" option at the top and search for "Policy" and select the "Policy". </br> <img src="/resources/azure/defender/monitor-ip-forwarding/step2.png"/> | ||
3. Scroll down the left navigation panel and select "Compliance". </br> <img src="/resources/azure/defender/monitor-ip-forwarding/step3.png"/> | ||
4. On the "Policy | Compliance" page, under "Name" column select compliance for the "Scope" of necessary Subscription. </br> <img src="/resources/azure/defender/monitor-ip-forwarding/step4.png"/> | ||
5. On the "Policy| Compliance" page select the "View Assignment" Tab on the top. </br> <img src="/resources/azure/defender/monitor-ip-forwarding/step5.png"/> | ||
6. On the "Policy| Compliance | Subscription" page, Select the "Edit Assignment" Tab at the top. </br> <img src="/resources/azure/defender/monitor-ip-forwarding/step6.png"/> | ||
7. On the Assign Initiative page, select the "Parameters" tab and uncheck "Only show parameters that need input or review". It will show you a list of parameters. </br> <img src="/resources/azure/defender/monitor-ip-forwarding/step7.png"/> | ||
8. In the list search for the setting "IP Forwarding on your virtual machine should be disabled". If it's set to "Disabled" then "IP Forwarding Monitoring" is not enabled on the selected "Subscription". </br> <img src="/resources/azure/defender/monitor-ip-forwarding/step8.png"/> | ||
9. To enable "IP Forwarding Monitoring" click to open the dropdown of "IP Forwarding on your virtual machine should be disabled" and select the "AuditIfNotExists" option. </br> <img src="/resources/azure/defender/monitor-ip-forwarding/step9.png"/> | ||
10. Click on the "Review + save" button to make the necessary changes. </br> <img src="/resources/azure/defender/monitor-ip-forwarding/step10.png"/> | ||
11. Repeat steps number 3 - 10 to ensure "IP Forwarding Monitoring" is configured from the Azure Defender.</br> |
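Review bot: the "More Info" row reads "meet you organization's" (should be "your"), and step 11 says "from the Azure Defender" where the Quick Info table and the rest of this commit use "Microsoft Defender"; pick one name. Steps 2-11 repeat the external-accounts file word for word apart from the policy name, including the step 8 ambiguity about whether only "Disabled" fails or anything other than "AuditIfNotExists" does, so any wording fix should be applied to both files together.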